bluejay/bluejay-infra
1
0
Fork 0
Code Issues Pull Requests 15 Actions Packages Projects Releases Wiki Activity

deploy(php): roll non-root GX10 operator image

Browse Source
This commit is contained in:
Andrew Stoltz
2026-06-17 05:22:36 -05:00
parent 8d55ca1566
commit cebd934872
1 changed files with 57 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
apps-gx10/fc-system/deployment-php-operator.json
View File

@@ -73,8 +73,8 @@
"value": "true" "value": "true"
} }
], ],
"image": "localhost/fc-php-operator:gx10-v1", "image": "localhost/fc-php-operator:v20260617-sec5-0bfbf42",
"imagePullPolicy": "IfNotPresent", "imagePullPolicy": "Never",
"livenessProbe": { "livenessProbe": {
"failureThreshold": 3, "failureThreshold": 3,
"httpGet": { "httpGet": {
@@ -117,17 +117,47 @@
"memory": "256Mi" "memory": "256Mi"
} }
}, },
"securityContext": {
"allowPrivilegeEscalation": false,
"capabilities": {
"drop": [
"ALL"
]
},
"readOnlyRootFilesystem": true
},
"terminationMessagePath": "/dev/termination-log", "terminationMessagePath": "/dev/termination-log",
"terminationMessagePolicy": "File" "terminationMessagePolicy": "File",
"volumeMounts": [
{
"mountPath": "/tmp",
"name": "tmp"
}
]
} }
], ],
"dnsPolicy": "ClusterFirst", "dnsPolicy": "ClusterFirst",
"restartPolicy": "Always", "restartPolicy": "Always",
"schedulerName": "default-scheduler", "schedulerName": "default-scheduler",
"securityContext": {}, "securityContext": {
"fsGroup": 1654,
"fsGroupChangePolicy": "OnRootMismatch",
"runAsGroup": 1654,
"runAsNonRoot": true,
"runAsUser": 1654,
"seccompProfile": {
"type": "RuntimeDefault"
}
},
"serviceAccount": "php-operator", "serviceAccount": "php-operator",
"serviceAccountName": "php-operator", "serviceAccountName": "php-operator",
"terminationGracePeriodSeconds": 30 "terminationGracePeriodSeconds": 30,
"volumes": [
{
"emptyDir": {},
"name": "tmp"
}
]
} }
} }
} }